The CyberWire Daily Briefing for 1.2.2014
The Syrian Electronic Army (SEA) opens 2014 by hacking Skype's blog and social media accounts. It's a protest against Microsoft; user accounts appear unaffected.
Turkish hacktivists deface the United Nations Development Program for Ecuador. Neither Ecuador nor the UN are the targets: Ayyildiz Team's patriotic ire is directed against the United States, Israel, Armenia, and domestic opponents.
Exploiting a database vulnerability SnapChat had previously disclosed and dismissed as "theoretical," hackers compromise and expose more than 4 million SnapChat user accounts. Their stated objective was to shame SnapChat and other companies into improving their security.
Another online gaming site, Runescape, was attacked over the holidays, but service has now been restored.
Websense researchers explain how they believe Microsoft Windows crash reports afford hackers "a significant advantage," and promise more details at RSA.
Addressing the Chaos Conference in Hamburg, Wikileaks' Assange calls for massive online retaliation against NSA and its partners.
The Cloud Security Alliance and others predict movement toward a "zero–trust" security model. Augmented reality is seen as the up–and–coming hacktivist target. A ZDNet story purports to explain why Macs, despite vulnerabilities, remain safer than PCs: with PCs relatively easier to exploit, it's not worth hackers' while to go after Macs.
Concerns about government surveillance appear to be stoking an industry bandwagon for encryption solutions. French companies especially seem to be jumping on early.
Indictments are coming in South Korea's cyber command scandal. Ars Technica gives its four legal stories to watch in 2014: NSA litigation, Megaupload, Silk Road, and Lavabit.
Notes.
Today's issue includes events affecting Armenia, Ecuador, Estonia, European Union, Finland, France, India, Israel, Republic of Korea, New Zealand, Philippines, Syria, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
'Syrian Electronic Army' hacks Skype's Twitter and blog accounts (The Guardian) Hacking group briefly takes over messaging service's social media accounts to allege sale of data to governments and publish Steve Ballmer contact details " but Skype accounts unaffected
Turkish Ayyildiz Team Hacks UNDP Ecuador Website, Leaves Anti–Israeli Message (Hack Read) The online hactivists Ayyildiz Team from Turkey has hacked and defaced the official website of United Nations Development Program (UNDP) designated for Republic of Ecuador. Hackers left a deface page along with a message on the hacked UNDP website which contains abusive messages against US, Israel and Armenia in Turkish language
4.6m Snapchat names and phone numbers leaked by hackers (CNet) Personal details of 4.6 million Snapchat accounts have been hacked and posted online. The hugely popular photo–sharing app has been targeted by hackers looking to shame Snapchat " and by extension, other apps and companies " into improving security, with experts warning "everyone is still at risk"
Predictably, Snapchat user database maliciously exposed (ZDNet) Snapchat is a textbook example of why responsible disclosure is a failure. On January 1, 2014, an anonymous user announced the release of SnapchatDB and 4.6 million usernames and matched phone numbers in a Hacker News post. The Snapchat accounts — even those marked 'private' — were exposed in a database hack that Snapchat knew about for four months, ignored, then told press last week was only "theoretical"
Malware and the Self–Deleting Batch File Method (Journey into Incident Response) Data destruction is an anti–forensic technique where data is deleted to limit the amount of forensic evidence left on a system. One data destruction anti–forensic technique leveraged by malware are self–deleting droppers and downloaders
Cryptolocker ransomware protection: A new reason for old advice (SearchITChannel) As with anything in technology, it is only a matter of time until a newer, faster version is available. Unfortunately, this is not always for the betterment of all. Earlier this year a new ransomware virus, called Cryptolocker, began infecting computers owned by individuals and businesses alike
Updated: Runescape Victim Of Cyber Attack (Gamesided) The Runescape website and affected servers have been restored. The group has been targeting yet another Twitch user, but nothing major has come of it just yet
More than 800 incidents of data loss in NHS health boards (STV News) There have been more than 800 incidents of data loss by health boards in the last five years, new figures have revealed
Unencrypted Windows crash reports give 'significant advantage' to hackers, spies (Computerworld) Windows' error– and crash–reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said today
WikiLeaks Julian Assange asks Hackers to Unite Forces Against NSA Surveillance (Hack Read) While addressing a large number of hackers and computer experts at Chaos Communication Congress in Hamburg, the WikiLeaks founder Julian Assange urged hackers from all over the world to join forces against National Security Agency (NSA)'s PRISM surveillance program
Significant Deficiencies' at Election Commission Put Agency At Risk (Threatpost) The Federal Election Commission (FEC) is highly vulnerable to intrusions and data breaches after an audit discovered "significant deficiencies" in the FEC's IT security program
Cyber Trends
Cloud computing 2014: Moving to a zero–trust security model (Computerworld) Another industry group, the Cloud Security Alliance, predicted a similar backlash due to concerns by Europen companies that the U.S. government
Predicting cyber hacktivists acts for 2014 (InformationWeek) Mobile devices will become the attack vector of choice, bringing in nastier threats and attacks. The "next big thing" that cybercriminals are waiting for could come from the world of augmented reality, says Dhanya Thakkar , Managing Director, India & SAARC, Trend Micro
Why Mac users are safer (ZDNet) The evidence is overwhelming: The opportunities to attack Mac users are plentiful, but nobody bothers. It's still too easy to get at Windows users. This has been obvious for some time and well-understood in the security community
How prepared are the financial markets for a cyber attack (The Banker) The threat of cyber attacks grows ever greater, as hackers become more and more sophisticated and an increasing level of data is handled electronically. So what are financial institutions, exchanges and governments doing to combat this threat
Shiver My Interwebs (Slate) What can (real) pirates teach us about cybersecurity
Key trends in ransomware, evasion techniques and social attacks (Help Net Security) McAfee Labs released a predictions report, analyzing 2013 trends through its Global Threat Intelligence (GTI) service to forecast the threat landscape for the coming year
4 Trends In Vulnerabilities That Will Continue In 2014 (Dark Reading) Bounty programs will continue to expand, more researchers will focus on embedded devices and libraries, and security software will find itself under more scrutiny
Marketplace
Alastair Mitchell: In–Q–Tel–Backed Huddle Starts Work on Agency Collaboration Tool (ExecutiveBiz) In–Q–Tel–backed Huddle has joined a five-year collaboration effort to develop standardized information technology operations for the intelligence community, Federal Times reported
Techies vs. NSA: Encryption arms race escalates (AP via Akron Legal News) Encrypted email, secure instant messaging and other privacy services are booming in the wake of the National Security Agency's recently revealed surveillance programs. But the flood of new computer security services is of variable quality, and much of it, experts say, can bog down computers and isn't likely to keep out spies
The security industry finds a dream enemy — government spy agencies (Computerworld) Revelations about mass surveillance will fuel encryption adoption in the next year, but implementing it will take care, security experts say
French Contractors Jump Into Market for Secure Communications (Wall Street Journal) But many U.S. firms that offer communications services say that well–implemented cryptography can remain secure. U.S.–based Silent Circle
Apple denies working with NSA to create back door (MarketWatch) Apple Inc. said it never worked with the National Security Agency to create a back-door way for the organization to spy on iPhone users and it was unaware of any program to target its products
HP to cut 5000 more jobs (ITWeb) Hewlett–Packard (HP) is set to cut 5000 more jobs, bringing the total number of layoffs to 34,000 — 11% of the company's workforce
ZTE reorgs to focus on operator, device, enterprise markets (ZDNet) ZTE reorganizes into three key business units"operators, mobile devices, and enterprises"and targets three emerging market segments as it maps outs its 2014 strategy
Products, Services, and Solutions
How to be notified that your password has been stolen (ZDNet) Now you can be notified if your email address appears in any new, publicly–released data breaches
Technologies, Techniques, and Standards
Eliminating black hat bargains (SearchSecurity) When it comes to information security defense, Mike Hamilton has a tough job. As the chief information security officer for the city of Seattle, Hamilton's responsibilities extend to the networks of a variety of other groups, such as the city's police and fire departments. The complexity of securing those networks requires that Hamilton focus not just on defense, but also on causing pain to any attacker
Four reasons why audits matter (Help Net Security) We live in a world where assurance is a precious commodity. People with bad intentions are getting smarter every day as evidenced by the recent compromise of nearly 40 million credit and debit card
'It has outlived its usefulness': The cross–border deal that sounds the death knell for physical signatures (ZDNet) One small memorandum of understanding, one big step for cross–border IT as Estonia and Finland ink deal for common online services
What's wrong with in–browser cryptography? (Tony Arcieri) If you're reading this, then I hope that sometime somebody or some web site told you that doing cryptography in a web browser is a bad idea. You may have read "JavaScript Cryptography Considered Harmful". You may have found it a bit dated and dismissed it
As the Network Shifts (SC Magazine) While 20 percent of the connections to a network are unknown, despite the investment of millions of dollars in security technology, it is critical to identify all connections within an enterprise. This 80-20 rule requires a premier discovery solution, one that will define a network perimeter and validate that unknown connections do not exist
Small Cells vs. Big Data (Foreign Policy) Can information dominance crush terrorism? The fundamental dynamic of the Cold War was an arms race to build nuclear weapons; conflict today is primarily driven by an "organizational race" to build network
To detect 100 percent of malware, try whitelisting 'ite' (Computerworld) Every antimalware scanner claims to catch 99 to 100 percent of malware. But how can that be true? If it were, our computers wouldn't get infected nearly as much as they do, and the antimalware industry would have roundly defeated its malicious foes by now
Design and Innovation
Bitcoin Is a High–Tech Dinosaur Soon to Be Extinct (Bloomberg) For all the regulatory crackdowns on Bitcoin in recent weeks, the cryptocurrency's advocates remain unfailingly optimistic. Bitcoin is the future, they tell us; it heralds a future where private, stateless currencies will dethrone the dollar and other monetary dinosaurs
Slide Show: 8 Effective Data Visualization Methods For Security Teams (Dark Reading) Getting the most out of security analytics data sets, large or small, by visualizing the information
Research and Development
Chipmakers Push Memory Into the Third Dimension (IEEE Spectrum) Samsung, Micron, and SK Hynix bet that transistor redesigns and chip stacking will make memory smaller and faster
Academia
Family of first CSC president donates P3M for construction of Cyber Building (Catanduanes Tribune) Just a stone's throw from the main building of the Catanduanes State University, workers are in the midst of pouring concrete for the columns of what would become the PG Tabuzo Cyber Building, named after the institution's first president: the educator Pedro G. Tabuzo of Salvacion, Virac
Deadline nears for master's program in cyber studies (Marine Corps Times) Members of the Marine Corps' cyber community — enlisted and civilian — can earn an advanced degree through the Information Assurance Scholarship Program
Une experte suisse en cybersécurité reçoit la Légion d'honneur (RTS) Solange Ghernaouti-Hélie, experte en cybersécurité et professeure à la Faculté des hautes études commerciales (HEC) de l'Université de Lausanne, est entrée mercredi dans l'Ordre de la Légion d'honneur
Legislation, Policy, and Regulation
Here's what we learned about the NSA's spying programs in 2013 (The Washington Post) On June 5, millions of Americans learned the U.S. government was collecting and storing information about their phone calls thanks to documents from former National Security Agency (NSA) contractor Edward Snowden. And over the following months, a barrage of stories revealing the extent of state–sponsored surveillance activities has held the front page of newspapers around the world captive
Good or not, change is coming to the NSA (The Washington Post) Changes are coming in the National Security Agency's offensive and defensive intelligence programs. They were run in relative secrecy by the NSA until June, when the first reports appeared based on documents that former NSA contractor Edward Snowden turned over to journalists
Obama, Congress should curb NSA (Charlotte Observer) With a federal judge's ruling last week that the National Security Agency's massive collection of U.S. citizens' telephone records is legal, President Barack Obama is getting timely cover to ignore an expert panel's recommendations for overhaul. It would be wrong and unwise for the president to do so
Security policy should be more clearcut (Rocky Mountain Telegram) President Barack Obama could help the whole world start the new year on a bright note by listening to an expert panel that has recommended reining in the eavesdropping practices of the National Security Agency
More reasons to rein in the NSA (Los Angeles Times) In addition to collecting phone data on Americans, other areas ripe for reform are uncontrolled national security letters and the use of information about Americans acquired 'incidentally'
Litigation, Investigation, and Law Enforcement
Cyber warfare official to be indicted over online smear campaign (GlobalPost) The director of the cyber command's psychological warfare team, identified only by his surname Lee, will face indictment without physical detention for
ACLU sues government over international calls (Gainesville Sun) A civil liberties group sued the U.S. government Monday, saying various agencies have failed to provide adequate documents related to what it calls the sweeping monitoring of Americans' international communications
Edward Snowden, Whistle–Blower (The New York Times) Seven months ago, the world began to learn the vast scope of the National Security Agency's reach into the lives of hundreds of millions of people in the United States and around the globe, as it collects information about their phone calls, their email messages, their friends and contacts, how they spend their days and where they spend their nights. The public learned in great detail how the agency has exceeded its mandate and abused its authority, prompting outrage at kitchen tables and at the desks of Congress, which may finally begin to limit these practices
Edward Snowden, the insufferable whistleblower (The Washington Post) Nor has living in an actual police state given the National Security Agency (NSA) whistleblower any greater appreciation of the actual freedoms that
Clues to Future Snowden Leaks Found In His Past (Washington's Blog) Only a tiny fraction of Snowden's documents have been published. What's still to come? We believe one hint comes from Snowden's past as a security specialist at one of one the NSA's covert facilities at the University of Maryland
Court Upholds Willy–Nilly Gadget Searches Along U.S. Border (Wired) A federal judge today upheld a President Barack Obama administration policy allowing U.S. officials along the U.S. border to seize and search laptops, smartphones and other electronic devices for any reason
Cyber Criminals Recorded Blackmailing U.S.–Based CEO (SC Magazine) Two Polish criminals who unleashed a sinister cyber attack to blackmail a multi-million pound Manchester-based internet company have been jailed
The top four tech legal cases to watch in 2014 (Ars Technica) While we're all wiping the champagne–induced sleep from our eyes, inevitably we have to sober up for 2014. The new year will mark new beginnings for all of us, but it will also mark the continuation (and perhaps conclusion) of a number of high–profile tech legal cases. We've chosen to highlight a few cases that could lead to profound changes in the tech landscape in years to come
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
FloCon 2014 (, Jan 1, 1970) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques.
NASA Langley Cyber Expo (Hampton, Virginia, USA, Jan 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer will be recruiting top federal speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions.This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location.
cybergamut Tech Tuesday: Malware Reverse Engineering: An Introduction to the Tools, Workflows, and Tricks of the Trade to Attack Sophisticated Malware (, Jan 1, 1970) Reverse engineering malware can be an integral part of every security team's calculus. This session provides a technical review of the tools, workflows, and advanced analytic insight a senior reverse engineer brings to the fight. It will help demystify the process and illustrate the value-proposition associated with deep analytics of malware. Moreover, understanding the detail available through reverse engineering gives the security professional deeper insight into the tactics and techniques the attackers use to circumvent their defensive solutions. The session empowers cyber security professionals at every level to make better-informed judgments on how to improve their response and remediation protocols.
Cybertech: Cyber Security Conference and Exhibition (, Jan 1, 1970) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber security. The conference will focus on commercial problem-solving strategies and solutions for cyber infrastructure experts across multiple sectors: energy, utilities, finance, defense, R&D, manufacturing, service sectors, health, government, telecommunications, transportation and more.
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, Jan 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees and contractors to discuss current data protection and privacy policy and to generate ideas to help evolve the current policies . The event will feature various participants from the U.S. Census Bureau as well as other government agencies and industry.
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, Jan 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations. The CIF will cover the existing threat landscape and provide presentations and keynotes on current and emerging practices, technologies and standards. The 2014 CIF will provide action-oriented outputs to fuel voluntary principle-driven consensus-based standards efforts, create opportunities for industry growth and drive research activities, and define use cases for subsequent exploration, which in turn will feed back into the subsequent CIF's, continually evolving the state of the art.